Note
Please leave any comments or opinions about this document at Mudfish Forum (http://forums.en.loxch.com)
This document is for who want to operate Mudfish VPN server yourself and explain about how to set up and run.
At current of Mudfish Server, it’s designed working on the following operating systems.
Amazon Linux - EC2 (64 bit)
Should work smoothly on macro instance. :-)
CentOS 5.x and 6.x (64 bit)
Warning
When Mudfish Server is launched on your system, the following information are automatically stored on Mudfish main server. Please be aware about these and don’t install if you don’t agree with it.
Mudfish Server package is distributed by homepage (http://en.loxch.com). Please visit if you want to download latest one.
Warning
If you’re trying to install Mudfish Server package on the virtualization evironment, please aware that OpenVZ isn’t supported. Only the following hypervisors are supported.
To install the package, root permission is required and there are some dependency to other packages like below:
gcc
Cache-Terminator depends on this package because VCL (Varnish Configuration Language) should use it to compile the configuration.
GeoIP
Cache-Terminator depends on this package to know country information based on user’s IP address.
Note
For CentOS 5.x, please check system’s yum repositories for “extras”. It could be disabled by some reasons.
For CentOS 6.x, you need to install EPEL(Extra Packages for Enterprise Linux) yum repository on your system if you failed to search GeoIP. Use the following commands to install it then retry.
# cd /tmp/
# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm
Installs above two packages with yum command.
# yum install gcc GeoIP
Loaded plugins: priorities, security, update-motd, upgrade-helper
amzn-main | 2.1 kB 00:00
amzn-updates | 2.3 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package GeoIP.x86_64 0:1.4.8-1.5.amzn1 will be installed
---> Package gcc.noarch 0:4.6.2-1.8.amzn1 will be installed
--> Processing Dependency: gcc46 = 4.6.2 for package: gcc-4.6.2-1.8.amzn1.noarch
--> Running transaction check
---> Package gcc46.x86_64 0:4.6.2-2.65.amzn1 will be installed
--> Processing Dependency: cpp46 = 4.6.2-2.65.amzn1 for package: gcc46-4.6.2-2.65.amzn1.x86_64
--> Processing Dependency: libgcc46 = 4.6.2 for package: gcc46-4.6.2-2.65.amzn1.x86_64
--> Processing Dependency: binutils >= 2.20.51.0.2-12 for package: gcc46-4.6.2-2.65.amzn1.x86_64
--> Processing Dependency: libgomp >= 4.6.2-2.65.amzn1 for package: gcc46-4.6.2-2.65.amzn1.x86_64
--> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc46-4.6.2-2.65.amzn1.x86_64
--> Processing Dependency: libmpfr.so.1()(64bit) for package: gcc46-4.6.2-2.65.amzn1.x86_64
--> Processing Dependency: libmpc.so.2()(64bit) for package: gcc46-4.6.2-2.65.amzn1.x86_64
--> Processing Dependency: libgomp.so.1()(64bit) for package: gcc46-4.6.2-2.65.amzn1.x86_64
--> Running transaction check
---> Package binutils.x86_64 0:2.20.51.0.7-8.29.amzn1 will be installed
---> Package cpp46.x86_64 0:4.6.2-2.65.amzn1 will be installed
---> Package glibc-devel.x86_64 0:2.12-1.80.42.amzn1 will be installed
--> Processing Dependency: glibc-headers = 2.12-1.80.42.amzn1 for package: glibc-devel-2.12-1.80.42.amzn1.x86_64
--> Processing Dependency: glibc-headers for package: glibc-devel-2.12-1.80.42.amzn1.x86_64
---> Package libgcc46.x86_64 0:4.6.2-2.65.amzn1 will be installed
---> Package libgomp.x86_64 0:4.7.2-2.69.amzn1 will be installed
---> Package libmpc.x86_64 0:0.8.2-1.4.amzn1 will be installed
---> Package mpfr.x86_64 0:2.4.2-1.7.amzn1 will be installed
--> Running transaction check
---> Package glibc-headers.x86_64 0:2.12-1.80.42.amzn1 will be installed
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.12-1.80.42.amzn1.x86_64
--> Processing Dependency: kernel-headers for package: glibc-headers-2.12-1.80.42.amzn1.x86_64
--> Running transaction check
---> Package kernel-headers.x86_64 0:3.2.39-6.88.amzn1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
GeoIP x86_64 1.4.8-1.5.amzn1 amzn-main 783 k
gcc noarch 4.6.2-1.8.amzn1 amzn-main 2.7 k
Installing for dependencies:
binutils x86_64 2.20.51.0.7-8.29.amzn1 amzn-main 3.6 M
cpp46 x86_64 4.6.2-2.65.amzn1 amzn-main 4.8 M
gcc46 x86_64 4.6.2-2.65.amzn1 amzn-main 14 M
glibc-devel x86_64 2.12-1.80.42.amzn1 amzn-main 1.0 M
glibc-headers x86_64 2.12-1.80.42.amzn1 amzn-main 648 k
kernel-headers x86_64 3.2.39-6.88.amzn1 amzn-updates 847 k
libgcc46 x86_64 4.6.2-2.65.amzn1 amzn-main 98 k
libgomp x86_64 4.7.2-2.69.amzn1 amzn-updates 113 k
libmpc x86_64 0.8.2-1.4.amzn1 amzn-main 49 k
mpfr x86_64 2.4.2-1.7.amzn1 amzn-main 182 k
Transaction Summary
================================================================================
Install 12 Package(s)
Total download size: 26 M
Installed size: 50 M
Is this ok [y/N]: y
Downloading Packages:
(1/12): GeoIP-1.4.8-1.5.amzn1.x86_64.rpm | 783 kB 00:00
(2/12): binutils-2.20.51.0.7-8.29.amzn1.x86_64.rpm | 3.6 MB 00:00
(3/12): cpp46-4.6.2-2.65.amzn1.x86_64.rpm | 4.8 MB 00:00
(4/12): gcc-4.6.2-1.8.amzn1.noarch.rpm | 2.7 kB 00:00
(5/12): gcc46-4.6.2-2.65.amzn1.x86_64.rpm | 14 MB 00:00
(6/12): glibc-devel-2.12-1.80.42.amzn1.x86_64.rpm | 1.0 MB 00:00
(7/12): glibc-headers-2.12-1.80.42.amzn1.x86_64.rpm | 648 kB 00:00
(8/12): kernel-headers-3.2.39-6.88.amzn1.x86_64.rpm | 847 kB 00:00
(9/12): libgcc46-4.6.2-2.65.amzn1.x86_64.rpm | 98 kB 00:00
(10/12): libgomp-4.7.2-2.69.amzn1.x86_64.rpm | 113 kB 00:00
(11/12): libmpc-0.8.2-1.4.amzn1.x86_64.rpm | 49 kB 00:00
(12/12): mpfr-2.4.2-1.7.amzn1.x86_64.rpm | 182 kB 00:00
--------------------------------------------------------------------------------
Total 15 MB/s | 26 MB 00:01
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : mpfr-2.4.2-1.7.amzn1.x86_64 1/12
Installing : libmpc-0.8.2-1.4.amzn1.x86_64 2/12
Installing : cpp46-4.6.2-2.65.amzn1.x86_64 3/12
Installing : kernel-headers-3.2.39-6.88.amzn1.x86_64 4/12
Installing : glibc-headers-2.12-1.80.42.amzn1.x86_64 5/12
Installing : glibc-devel-2.12-1.80.42.amzn1.x86_64 6/12
Installing : libgcc46-4.6.2-2.65.amzn1.x86_64 7/12
Installing : libgomp-4.7.2-2.69.amzn1.x86_64 8/12
Installing : binutils-2.20.51.0.7-8.29.amzn1.x86_64 9/12
Installing : gcc46-4.6.2-2.65.amzn1.x86_64 10/12
Installing : gcc-4.6.2-1.8.amzn1.noarch 11/12
Installing : GeoIP-1.4.8-1.5.amzn1.x86_64 12/12
Verifying : binutils-2.20.51.0.7-8.29.amzn1.x86_64 1/12
Verifying : glibc-headers-2.12-1.80.42.amzn1.x86_64 2/12
Verifying : GeoIP-1.4.8-1.5.amzn1.x86_64 3/12
Verifying : libmpc-0.8.2-1.4.amzn1.x86_64 4/12
Verifying : gcc46-4.6.2-2.65.amzn1.x86_64 5/12
Verifying : gcc-4.6.2-1.8.amzn1.noarch 6/12
Verifying : libgomp-4.7.2-2.69.amzn1.x86_64 7/12
Verifying : libgcc46-4.6.2-2.65.amzn1.x86_64 8/12
Verifying : mpfr-2.4.2-1.7.amzn1.x86_64 9/12
Verifying : cpp46-4.6.2-2.65.amzn1.x86_64 10/12
Verifying : glibc-devel-2.12-1.80.42.amzn1.x86_64 11/12
Verifying : kernel-headers-3.2.39-6.88.amzn1.x86_64 12/12
Installed:
GeoIP.x86_64 0:1.4.8-1.5.amzn1 gcc.noarch 0:4.6.2-1.8.amzn1
Dependency Installed:
binutils.x86_64 0:2.20.51.0.7-8.29.amzn1
cpp46.x86_64 0:4.6.2-2.65.amzn1
gcc46.x86_64 0:4.6.2-2.65.amzn1
glibc-devel.x86_64 0:2.12-1.80.42.amzn1
glibc-headers.x86_64 0:2.12-1.80.42.amzn1
kernel-headers.x86_64 0:3.2.39-6.88.amzn1
libgcc46.x86_64 0:4.6.2-2.65.amzn1
libgomp.x86_64 0:4.7.2-2.69.amzn1
libmpc.x86_64 0:0.8.2-1.4.amzn1
mpfr.x86_64 0:2.4.2-1.7.amzn1
Complete!
#
Installs mudfish-server RPM package when it’s completed.
# rpm -ivh mudfish-server-1.0.0-0.x86_64.rpm
Preparing... ########################################### [100%]
1:mudfish-server ########################################### [100%]
Done to install Mudfish Server. Now we need to set up the firewall for Mudfish users to allow to connect your Mudfish VPN server.
For Mudfish VPN server to work correctly the following firewall policy should be made.
Port 10007 and 10008 ports for TCP/UDP
Port 10007 and 10008 are used by Mudfish Server daemons. It’s to receive traffics from outside. Please make sure that it’s listening on both TCP and UDP protocols.
ICMP
ICMP protocol is used to calculate RTT (Round Trip Time) between Mudfish users and your Mudfish VPN server when your Mudfish VPN server is registered in Mudfish main server. Depending on the configuration of users, UDP or TCP protocols are used too. So it’s impossible letting Mudfish users know RTT information without allowing ICMP protocol.
Done to set up firewall. Next step is for OS.
There are three parts for System; NAT, IP forwarding and ICMP echo ignoring.
Using the following commands you can set up. If you encounter any kind of error messages while you’re setting up your system, please ask problems through Mudfish Forum.
# /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -s 10.252.0.0/14
# /sbin/sysctl net.ipv4.ip_forward=1
If the version of Mudfish Server you’re using is v1.0.4 or higher, the following command is required by sysctl command.
# /sbin/sysctl net.ipv4.icmp_echo_ignore_all=1
Note
If your system was rebooted by some reasons, please aware that your settings you did on above are reset. Please use the following commands if you want to set up permanently after setting above.
# /etc/init.d/iptables save
# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
If you want to run Mudfish Server automatically when it’s booted. Please use the following command to register mudfish-server script.
# /sbin/chkconfig --level 2345 mudfish-server on
OK it’s done for your OS. Next step is the configuration part of Mudfish Server.
If you’re launching Mudfish Server without any modification of configuration, the following rules are applied:
- If name file doesn’t exist or empty, your server name picked by Mudfish main server including your public IP and country code.
- owner_name or owner_email files don’t exist or empty, ‘Unknown’ string will be shown.
- If you don’t have any ACL (Access Control List) policy using users_allow or users_deny, it means all users are accessible to your server.
The configuration file are always under /etc/mudfish-server/ directory.
/etc/mudfish-server/commercial_node
If this content body of this file is “True” or “Yes”, it’s regisitered as the premium node that not free. If you’d like to open a free server, you don’t need to create the file or save the file with “False” or “No”.
/etc/mudfish-server/commercial_node_currency
Sets the currency applied to commercial_node_price_domestic and commercial_node_price_international files. Availabel currencies are as follows:
This option is only valid if the server is set for the premium node.
$ cat /etc/mudfish-server/commercial_node_currency
USD
/etc/mudfish-server/commercial_node_price_domestic
Points the price for the domestic traffics per Gbytes. Its value type is float so allows a value like 0.0123.
This option is only valid if the server is set for the premium node.
$ cat /etc/mudfish-server/commercial_node_price_domestic
0.0012
/etc/mudfish-server/commercial_node_price_international
Points the price for the international traffics per Gbytes. Its value type is float so allows a value like 0.0123.
This option is only valid if the server is set for the premium node.
$ cat /etc/mudfish-server/commercial_node_price_international
0.0012
/etc/mudfish-server/country
Auto genenrated file. This file contains country code of your Mudfish VPN server.
Calculated based on GeoIP database.
/etc/mudfish-server/name
Names your Mudfish VPN server shown to Mudfish users. Limited characters (including alphabets, number and some special characters) are allowed that other exceptional characters are converted to ‘_’ (underscore) character.
Note
Please note that always the country code based on GeoIP is prepended before your server name to let users know where your server is located.
$ cat /etc/mudfish-server/name
US West (Weongyo's server)
If you want to change your server name, please restart Mudfish Server package.
/etc/mudfish-server/owner_name
Note
This option is available at Mudfish Server v1.0.2 or higher.
Could contain operator’s name. If not set, “Unknown” is set automatically.
/etc/mudfish-server/owner_email
Note
This option is available at Mudfish Server v1.0.2 or higher.
Could contain operator’s email which could be used to contact by Mudfish users or mudfish teams.
/etc/mudfish-server/public_ip
Auto genenrated file. This file contains public IP address of your Mudfish VPN server.
/etc/mudfish-server/users_allow
Lists IDs of Mudfish accounts to allow connections to your Mudfish VPN server. Please aware that any Mudfish users who didn’t be listed on here are denied to access. One user per a line.
Please note that a ID can’t place on both users_allow and users_deny files.
$ cat /etc/mudfish-server/users_allow
weongyo
userid1
mijung
/etc/mudfish-server/users_deny
Lists IDs of Mudfish accounts to deny connections to your Mudfish VPN server. Please aware that any Mudfish users who didn’t be listed on here are allowed to access.
Please note that a ID can’t place on both users_allow and users_deny files.
/etc/mudfish-server/type
Normally S character only to point the type of Mudfish VPN server.
/etc/mudfish-server/v2_tapip
Auto genenrated file. This file contains the private IP address assigned for your Mudfish VPN server.
/etc/mudfish-server/varnishd_listen_address
Auto genenrated file. This file contains the listening address for Cache-Terminator.
/etc/mudfish-server/version
Contains the version of Mudfish Server you’d like to use. Depending on this file, the specific Mudfish Server’s selected which under /opt/mudfish-server/<version>/ directory.
Please use the following command to launch Mudfish Server after you set up the configuration of Mudfish Server under /etc/mudfish-server/ directory correctly.
# /etc/init.d/mudfish-server start
If there are any issues while it’s launching, please check /var/log/messages file to know what’s going on.
Now you should check whether your Mudfish VPN server is registered to Mudfish main server correctly. Easiest way to check whether it’s on or not is that with visiting the following URL:
Mudfish: Realtime VPN Server’s status
To stop Mudfish Server, please use the following command.
# /etc/init.d/mudfish-server stop
Please make sure that all processes of Mudfish Server are terminated using ps command.